Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
AnalysisAI
Unauthenticated attackers can exploit SQL injection in Flowring's Docpedia to execute arbitrary database queries and extract sensitive information without authentication. The vulnerability requires no user interaction and is remotely accessible over the network, presenting a critical risk to all deployments. No patch is currently available to remediate this issue.
Technical ContextAI
Classified as CWE-89 (SQL Injection). Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
Affected ProductsAI
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read d
RemediationAI
Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today